Hijacking system("/bin/sh") to run arbitrary commands
If you execute
system("/bin/bash");
the shell enters into interactive mode. It reads commands from standard input and writes answers to standard output. The standard input and output are inherited from the calling (your) program. Your program will wait until the shell finishes (i.e. until you enter the command exit or you type ^D at the beginning of a line). The shell will run with the same privileges as the calling program.
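The two properties described above (inherited standard input and inherited privileges) are what a privileged program has to neutralise before it starts a shell. The following added example, which is not from the original page, shows one way to do that in C for a developer who can change the source; `run_fixed_command` is a hypothetical helper name and the fixed `PATH` value is an assumption.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run one fixed shell command with the caller's real
   uid/gid, a minimal environment and stdin taken from /dev/null.
   Returns the command's exit status, or -1 on failure. */
int run_fixed_command(const char *cmd)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        uid_t ruid = getuid();
        gid_t rgid = getgid();
        /* Drop the group first: once the uid is dropped we may no longer
           be allowed to change the gid. Setting real and effective ids
           together also replaces the saved id, so the drop is permanent. */
        if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
            _exit(126);
        if (geteuid() != ruid || getegid() != rgid)
            _exit(126);
        /* Do not pass the caller-controlled stdin on to the shell. */
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0 || dup2(fd, STDIN_FILENO) < 0)
            _exit(126);
        if (fd != STDIN_FILENO)
            close(fd);
        /* Fixed argv and a minimal environment instead of system(). */
        char *const argv[] = { "sh", "-c", (char *)cmd, NULL };
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve("/bin/sh", argv, envp);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return run_fixed_command("id") == 0 ? 0 : 1;
}
```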
Author: user3312767
Updated on June 04, 2022
Comments
-
user3312767 almost 2 years
I'm trying to perform a privilege escalation attack using a binary which performs the call:
system("/bin/sh");
Is there a way to pass commands as "arguments" or such with the opened shell? (I don't see it opening, I guess it runs and dies as soon as it has nothing to do which is immediately).
Edit: I cannot edit the code. It's compiled already.
-
Charles Duffy about 7 years
If the OP had an interactive TTY (and it were passed through on stdin), then the shell wouldn't be "immediately" exiting as they describe.